8.8

CVE-2008-0087

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows 2000 Version- Updatesp4
MicrosoftWindows Server 2003 Version- Updatesp1
MicrosoftWindows Server 2003 Version- Updatesp2
MicrosoftWindows Vista Version-
MicrosoftWindows Xp Version- Update- SwEditionprofessional HwPlatformx64
MicrosoftWindows Xp Version- Updatesp2
MicrosoftWindows Xp Version- Updatesp2 SwEditionprofessional HwPlatformx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 56.87% 0.981
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 8.8 8.6 9.2
AV:N/AC:M/Au:N/C:N/I:C/A:C
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://marc.info/?l=bugtraq&m=120845064910729&w=2
Third Party Advisory
Mailing List
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
Third Party Advisory
US Government Resource
Broken Link
http://secunia.com/advisories/29696
Third Party Advisory
Broken Link
http://www.securityfocus.com/archive/1/490575/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/28553
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1019802
Third Party Advisory
Broken Link
VDB Entry